On 1/31/14 10:35 AM, Tony Finch wrote: > David Newman <dnew...@networktest.com> wrote: >> >> What action, if any, is needed? > > Does rndc sign <zone> make it wake up?
Alas, no. There are a bunch of successful IXFR messages to slave servers but the dates in that NSEC3PARAM RRSIG did not change. > Is there anything in the logs > reporting problems, e.g. inability to read the key files? For these five zones, the only warnings are that the signature has expired. The log has errors for other zones saying the serial number is unchanged. Here's an example: 30-Jan-2014 15:25:46.490 general: error: zone networktest.com/IN/internal (signed): receive_secure_serial: unchanged But I think this is unrelated to the zones with stale NSEC3PARAM RRSIGs. dn _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users